CVE-2019-0567

HIGH

ChakraCore - Remote Code Execution via Memory Corruption in Scripting Engine

Title source: llm

Exploitation Summary

EIP tracks 5 public exploits for CVE-2019-0567. PoCs published by Google Security Research, samyuktha_p, ntdelta.

AI-analyzed exploit summary This PoC demonstrates a type confusion vulnerability in JavaScript engines by exploiting the side effects of NewScObjectNoCtor and InitProto opcodes, leading to memory corruption. It overwrites property slots with an arbitrary value (0x1234) to trigger the issue.

Description

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568.

Exploits (5)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/46203

View Code ZIP pw:eip

This PoC demonstrates a type confusion vulnerability in JavaScript engines by exploiting the side effects of NewScObjectNoCtor and InitProto opcodes, leading to memory corruption. It overwrites property slots with an arbitrary value (0x1234) to trigger the issue.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ChakraCore (Microsoft Edge)

No auth needed

Prerequisites: A vulnerable version of ChakraCore/JavaScript engine

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

gitlab WORKING POC

by samyuktha_p · poc

https://gitlab.com/samyuktha_p/cve-2019-0567

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-0567, a Microsoft Edge Chakra vulnerability. The exploit demonstrates arbitrary memory read/write capabilities and achieves remote code execution by leveraging a type confusion bug in the Chakra JavaScript engine.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Microsoft Edge (ChakraCore version 1.11.4)

No auth needed

Prerequisites: ChakraCore version 1.11.4 executable · Windows environment

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

nomisec WORKING POC

by ntdelta · poc

https://github.com/ntdelta/chakra-exploit-framework

View Code ZIP pw:eip

This repository contains a Chakra exploitation framework targeting CVE-2019-0567, a type confusion vulnerability in the Chakra JavaScript engine. It includes features like abstracted Windows API calls, a custom memory allocator, and ROP chain construction for sandbox escape.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Microsoft Chakra (Edge Legacy)

No auth needed

Prerequisites: Target running a vulnerable version of Chakra (pre-2019 Edge)

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by NatteeSetobol · poc

https://github.com/NatteeSetobol/CVE-2019-0567-MS-Edge

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2019-0567, a type confusion vulnerability in Microsoft Edge. The exploit includes a Python script to convert shellcode into JavaScript format for use in the exploit.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Microsoft Edge on Windows 10 build 15063.483

No auth needed

Prerequisites: Target running Microsoft Edge on Windows 10 build 15063.483 · Ability to deliver the exploit via a malicious webpage

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by NatteeSetobol · poc

https://github.com/NatteeSetobol/Chakra-CVE-2019-0567

View Code ZIP pw:eip

This PoC exploits a type confusion vulnerability in ChakraCore (CVE-2019-0567) to achieve arbitrary code execution via a ROP chain. It leaks memory addresses, constructs a ROP chain, and ultimately executes 'calc.exe' as a demonstration.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: ChakraCore (Microsoft Edge)

No auth needed

Prerequisites: Target must be running a vulnerable version of ChakraCore · JavaScript execution environment (e.g., Microsoft Edge)

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46203/

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0567

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106418

Scores

CVSS v3 7.5

EPSS 0.8962

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (3)

microsoft/chakracore

microsoft/edge

nuget/Microsoft.ChakraCore 0 - 1.11.5NuGet

Published Jan 08, 2019

Tracked Since Feb 18, 2026